Commit Graph

109 Commits

Author SHA1 Message Date
jsc0218
afa7a95c8c add backward compatibility 2024-02-20 02:11:31 +00:00
Maksim Kita
2a327107b6 Updated implementation 2024-01-25 14:31:49 +03:00
Bharat Nallan Chakravarthy
3e8439a78b add to context access and suggest 2023-12-30 20:38:35 -08:00
Robert Schulze
71faa8b198
Improve checks 2023-10-19 22:16:17 +00:00
Robert Schulze
48cff2fcec
Add diagnostic checks for issue 55041 2023-10-19 18:04:49 +00:00
Alexey Milovidov
93a10980e9 Fix review comments 2023-08-06 16:27:45 +02:00
Alexey Milovidov
ce2fcc8f33 Fix wording 2023-08-06 14:48:20 +02:00
Alexey Gerasimchuck
e58b3cfd32 Implemented max sessions for user 2023-07-30 22:09:03 +00:00
Vitaly Baranov
fff1ae7369 Use default destructor for ContextAccess. 2023-07-17 17:14:00 +02:00
Vitaly Baranov
0e4b75a282 Avoid keeping lock Context::getLock() while calculating access rights when a user logs in. 2023-07-17 14:59:14 +02:00
Vitaly Baranov
018546a57d Avoid keeping lock Context::getLock() while recalculating access rights of a connected user. 2023-07-17 14:59:14 +02:00
Vitaly Baranov
2311dd9b5d Use TSA_GUARDED_BY() macro in the definition of ContextAccess. 2023-06-30 15:18:54 +02:00
Alexey Milovidov
b19b87a3e5 Whitespaces 2023-06-18 20:42:27 +02:00
kssenii
75624c52f7 Merge remote-tracking branch 'upstream/master' into named-collections-granular-access 2023-03-20 16:38:14 +01:00
Roman Vasin
b5bb2eb3dc Add new grant CREATE ARBITRARY TEMPORARY TABLE 2023-03-06 07:20:05 +00:00
kssenii
0555ca2724 Review fixes 2023-02-24 14:44:47 +01:00
kssenii
0c53f33e6f Make code more common: add GlobalWithParameter level 2023-02-15 16:59:43 +01:00
kssenii
9e04e57949 Allow to give access only to certain named collections 2023-02-09 17:22:57 +01:00
Alexander Tokmakov
3744fa2c63 format more messages 2023-01-25 21:16:42 +01:00
Alexander Tokmakov
3f6594f4c6 forbid old ctor of Exception 2023-01-23 22:18:05 +01:00
Alexander Tokmakov
70d1adfe4b
Better formatting for exception messages (#45449)
* save format string for NetException

* format exceptions

* format exceptions 2

* format exceptions 3

* format exceptions 4

* format exceptions 5

* format exceptions 6

* fix

* format exceptions 7

* format exceptions 8

* Update MergeTreeIndexGin.cpp

* Update AggregateFunctionMap.cpp

* Update AggregateFunctionMap.cpp

* fix
2023-01-24 00:13:58 +03:00
Vitaly Baranov
6bc8b544ce
Merge branch 'master' into correct-error-message-after-dropping-current-user 2022-11-10 13:36:52 +01:00
Vitaly Baranov
675507594a Make error message after dropping current user more correct. 2022-11-09 21:01:05 +01:00
Vladimir Chebotaryov
d17b7387f9 Reworked changes to std::shared_ptr<const RowPolicyFilter>. 2022-10-27 10:42:55 +03:00
Vladimir Chebotaryov
4cabe1f57c Added applied row-level policies to system.query_log. 2022-10-27 10:41:47 +03:00
Robert Schulze
c185353bf0
Minor: remove unnecessary ContextAccess::make() method 2022-08-30 08:06:42 +00:00
Konstantin Morozov
38a85ade27 refactoring: small up 2022-08-28 22:33:12 +03:00
Konstantin Morozov
b4de735a90 refactoring: fix space 2022-08-28 20:55:08 +03:00
Konstantin Morozov
75bd61fad5 Merge remote-tracking branch 'origin/ref/remove-unnecessary-allocation' into ref/remove-unnecessary-allocation
# Conflicts:
#	src/Access/ContextAccess.cpp
#	src/Access/ContextAccess.h
2022-08-28 20:50:29 +03:00
Konstantin Morozov
7cd2821aed refactoring: template make helper 2022-08-28 20:42:55 +03:00
Konstantin Morozov
4050ab819e refactoring: remove unnecessary allocation 2022-08-28 17:23:17 +03:00
Konstantin Morozov
d4d80dd3c1 refactoring: remove unnecessary allocation 2022-08-28 17:09:13 +03:00
Vitaly Baranov
6bf7bffbeb Correct the list of always accessible system tables. 2022-07-15 15:44:29 +02:00
Vitaly Baranov
de34d173ba Remove excessive log messages. 2022-07-15 15:44:29 +02:00
Vitaly Baranov
c85b2b5732 Add option enabling that SELECT from the system database requires grant. 2022-07-15 15:44:25 +02:00
avogar
9291d33080 Pass const std::string_view & by value, not by reference 2022-07-14 16:11:57 +00:00
Vitaly Baranov
ae2f586170 Fix crash when granting ALL on cluster. 2022-07-01 12:19:56 +02:00
Vitaly Baranov
241b51c7d4
Add implicit grants with grant option too. (#38017) 2022-06-14 00:09:51 +02:00
Vitaly Baranov
d199478169
Merge pull request #37303 from ClickHouse/fix_trash
Try to fix some trash
2022-06-07 10:17:39 +02:00
Alexander Tokmakov
cce9057eef fix style check 2022-06-02 15:27:32 +02:00
Alexander Tokmakov
3d346c766a better code 2022-06-01 16:49:26 +02:00
Maksim Kita
d1a4550b4f Fix create or drop of sql user defined functions in readonly mode 2022-05-31 17:23:41 +02:00
Alexander Tokmakov
4e52f45695 Merge branch 'master' into fix_trash 2022-05-28 19:43:19 +02:00
Alexander Tokmakov
779e6ea0b9 make it better, fix on cluster queries 2022-05-25 20:17:49 +02:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Vitaly Baranov
f34a5cdee2
Merge branch 'master' into ON_CLUSTER-grant 2022-05-17 13:21:20 +02:00
Azat Khuzhin
01e1c5345a Add separate CLUSTER grant
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
2022-05-16 13:57:45 +03:00
Robert Schulze
1b81bb49b4
Enable clang-tidy modernize-deprecated-headers & hicpp-deprecated-headers
Official docs:

  Some headers from C library were deprecated in C++ and are no longer
  welcome in C++ codebases. Some have no effect in C++. For more details
  refer to the C++ 14 Standard [depr.c.headers] section. This check
  replaces C standard library headers with their C++ alternatives and
  removes redundant ones.
2022-05-09 08:23:33 +02:00
Amos Bird
4a5e4274f0
base should not depend on Common 2022-04-29 10:26:35 +08:00
Maksim Kita
47412c9619 Fixed unit tests 2022-02-10 19:31:02 +00:00